
75 matches found

CNNVD
added 2025/10/25 12:0 a.m. · 3 views

WordPress plugin Quickcreator information disclosure vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Quickcreator, which stem...

CVSS 7.5 · AI score 5.7 · EPSS 0.00082
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2016-7571

Malware in sbrugna...

CVSS 7.5 · AI score 7.3 · EPSS 0.01318
Exploits 0 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-6137

Malware in sbrugna...

CVSS 9.8 · AI score 9.4 · EPSS 0.00539
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2012-5392

Malware in sbrugna...

CVSS 5.5 · AI score 5.4 · EPSS 0.00067
Exploits 1 · References 6
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2017-0733

Malware in sbrugna...

CVSS 7.5 · AI score 7.6 · EPSS 0.01881
Exploits 0 · References 15
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-32623

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00257
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-19963

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.4 · EPSS 0.00333
Exploits 1 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-20859

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.4 · EPSS 0.00102
Exploits 0 · References 3
Tenable Nessus
added 2025/10/03 12:0 a.m. · 1 view

pyLoad < 0.5.0b3.dev76 Improper Access Control

pyLoad version prior to 0.5.0b3.dev76 is affected by an Improper Access Control vulnerability. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. An attacker can leverage this vulnerability to perform further attacks against the...

CVSS 7.5 · AI score 7.5 · EPSS 0.86508
Exploits 1 · References 2
Vulnrichment
added 2025/09/26 3:25 a.m. · 1 view

CVE-2025-10745 Banhammer – Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism Bypass

The Banhammer – Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide "secret key" being deterministically generated from a constant character set using md5 and base64_encode and...

CVSS 5.3 · AI score 5.5 · EPSS 0.00221
Exploits 0 · References 5
OSV
added 2025/07/09 6:30 p.m. · 2 views

GHSA-3C9F-C64M-H4WC Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml on the Jenkins controller as part of its configuration. This key can be viewed by users with access to th...

CVSS 4.3 · AI score 6.1 · EPSS 0.00134
Exploits 0 · References 4
NVD
added 2025/07/09 4:15 p.m. · 2 views

CVE-2025-53655

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it...

CVSS 5.3 · EPSS 0.00102
Exploits 0 · References 2
CVE
added 2025/07/09 3:39 p.m. · 14 views

CVE-2025-53655

CVE-2025-53655 affects Jenkins Statistics Gatherer Plugin versions 2.0.3 and earlier. The root issue is that the AWS Secret Key is stored unencrypted in the global configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml on the Jenkins controller and is not masked in...

CVSS 5.3 · AI score 6.5 · EPSS 0.00102
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/07/09 12:0 a.m. · 0 views

PT-2025-28907 · Jenkins · Jenkins Statistics Gatherer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Statistics Gatherer Plugin versions 2.0.3 and earlier

Description: The Jenkins Statistics Gatherer Plugin does not mask the AWS Secret Key on the global configuration form and stores it unencrypted in the...

CVSS 5.3 · AI score 5.8 · EPSS 0.00102
Exploits 0 · References 10
OSV
added 2025/07/07 6:15 p.m. · 1 view

CVE-2025-20325

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster splunk.secret key. This exposure could happen if you have a Search Head cluster and...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 1
Tenable Nessus
added 2025/07/07 12:0 a.m. · 2 views

Splunk Enterprise 9.1.0 < 9.1.10, 9.2.0 < 9.2.7, 9.3.0 < 9.3.5, 9.4.0 < 9.4.3 (SVD-2025-0709)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0709 advisory. - In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103,...

CVSS 5.3 · AI score 5.7 · EPSS 0.00186
Exploits 0 · References 2
OSV
added 2025/07/04 10:15 a.m. · 1 view

CVE-2025-5920

The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API...

CVSS 7.5 · AI score 5.8 · EPSS 0.00333
Exploits 1 · References 1
CVE
added 2025/03/20 10:9 a.m. · 82 views

CVE-2024-9606

CVE-2024-9606 — Improper API key masking in Litellm. A vulnerability in berriai/litellm prior to 1.44.12 arises from the masking logic in litellm_logging.py, which only masks the first 5 characters of API keys. This allows leakage of most of the secret key in logs, as noted for version v1.44.9 and...

CVSS 7.5 · AI score 7.1 · EPSS 0.00209
Exploits 1 · References 2 · Affected Software 1
RedhatCVE
added 2024/12/09 11:50 a.m. · 8 views

CVE-2024-54137

A flaw was found in the liboqs library. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This issue results in an incorrect shared secret valu...

CVSS 7.4 · AI score 6.6 · EPSS 0.00427
Exploits 0 · References 5
OSV
added 2024/12/06 4:0 p.m. · 4 views

CVE-2024-54137 liboqs has a correctness error in HQC decapsulation

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treat...

CVSS 7.4 · AI score 7 · EPSS 0.00427
Exploits 0 · References 4